【開源項目】Spring Security三大權限框架案例講解01—項目初始化

GitHub

UncleCatMySelf/myself-security

前言

大致簡介項目主要逐步迭代講解Spring Security + Spring Social + Spring Security OAuth + REST服務開發，通過實際的案例開發來講解，項目註解詳細適合作爲教程案例，同時對代碼的演進還有重構也會有對應的推文講解！

什麼是登錄與賬戶安全！？

大多數初級的程序員可能理解的比較簡單，即普通的表單登錄，數據查詢等等，但是真正的企業登錄權限系統是如何的呢？現在大多數主流的權限系統一般都是使用Spring Security了，而我們的主題也是它，讓我們來深入瞭解這個權限框架吧！

項目搭建

首先是項目的目錄，項目採用Maven多模塊模式開發。

1、Myself-security：主模塊(pom)
2、Myself-security-core：核心業務邏輯(jar)
3、Myself-security-browser：瀏覽器安全特定代碼(jar)
4、Myself-security-app：app相關特定代碼(jar)
5、Myself-security-demo：樣例程序(jar)

相關Pom文件

讓我們來了解項目的主模塊的pom文件，這個的packaging要選擇爲pom形式，我們選擇引入Spring IO來控制版本，還有配置Maven插件，具體如下

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>com.myself.security</groupId>
    <artifactId>myself-security</artifactId>
    <version>1.0-SNAPSHOT</version>
    <packaging>pom</packaging>

    <!-- 配置版本參數 -->
    <properties>
        <myself.security.version>1.0-SNAPSHOT</myself.security.version>
    </properties>

    <!-- 幫助我們管理Maven依賴的版本，由spring IO 來指定版本 -->
    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>io.spring.platform</groupId>
                <artifactId>platform-bom</artifactId>
                <version>Cairo-SR4</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
            <dependency>
                <groupId>org.springframework.cloud</groupId>
                <artifactId>spring-cloud-dependencies</artifactId>
                <version>Finchley.SR1</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>

    <!-- 配置Maven插件 -->
    <build>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <version>3.7.0</version>
                <configuration>
                    <source>1.8</source>
                    <target>1.8</target>
                    <encoding>UTF-8</encoding>
                </configuration>
            </plugin>
        </plugins>
    </build>

    <!-- 子模塊引入 -->
    <modules>
        <module>../myselfsecuritycore</module>
        <module>../myselfsecuritydemo</module>
        <module>../myselfsecuritybrowser</module>
        <module>../myselfsecurityapp</module>
    </modules>

</project>

接下來是core的核心組件，這一塊的代碼較多，我中間部分就省略了，具體可以去GitHub查看

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <!-- 父模塊信息 -->
    <parent>
        <artifactId>myself-security</artifactId>
        <groupId>com.myself.security</groupId>
        <version>1.0-SNAPSHOT</version>
        <relativePath>../myselfsecurity</relativePath>
    </parent>
    <modelVersion>4.0.0</modelVersion>

    <artifactId>myself-security-core</artifactId>

    <dependencies>
        <!-- 引入所有與Spring Security相關的jar包 -->
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-oauth2</artifactId>
        </dependency>
        <dependency>
            <groupId>...</groupId>
            <artifactId>...</artifactId>
        </dependency>
    </dependencies>

</project>

而app模塊是針對App的權限，這一塊只要引入core組件即可

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <!-- 父模塊信息 -->
    <parent>
        <artifactId>myself-security</artifactId>
        <groupId>com.myself.security</groupId>
        <version>1.0-SNAPSHOT</version>
        <relativePath>../myselfsecurity</relativePath>
    </parent>
    <modelVersion>4.0.0</modelVersion>

    <artifactId>myself-security-app</artifactId>

    <!-- 引入core核心代碼組件 -->
    <dependencies>
        <dependency>
            <groupId>com.myself.security</groupId>
            <artifactId>myself-security-core</artifactId>
            <version>${myself.security.version}</version>
        </dependency>
    </dependencies>

</project>

對於browser瀏覽器模塊，則需要加Session集羣管理，由於app是使用token，而瀏覽器則是session

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <!-- 父模塊信息 -->
    <parent>
        <artifactId>myself-security</artifactId>
        <groupId>com.myself.security</groupId>
        <version>1.0-SNAPSHOT</version>
        <relativePath>../myselfsecurity</relativePath>
    </parent>
    <modelVersion>4.0.0</modelVersion>

    <artifactId>myself-security-browser</artifactId>

    <dependencies>
        <!-- 引入core核心代碼組件 -->
        <dependency>
            <groupId>com.myself.security</groupId>
            <artifactId>myself-security-core</artifactId>
            <version>${myself.security.version}</version>
        </dependency>
        <!-- 集羣環境下的session管理 -->
        <!-- 部分組件的版本還未在Spring IO更新，這裏要自己引入 -->
        <dependency>
            <groupId>org.springframework.session</groupId>
            <artifactId>spring-session</artifactId>
            <version>1.3.3.RELEASE</version>
        </dependency>
    </dependencies>

</project>

demo組件是我們的代碼測試區，還有功能實現測試，我們暫時先引用browser模塊。

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <!-- 父模塊信息 -->
    <parent>
        <artifactId>myself-security</artifactId>
        <groupId>com.myself.security</groupId>
        <version>1.0-SNAPSHOT</version>
        <relativePath>../myselfsecurity</relativePath>
    </parent>
    <modelVersion>4.0.0</modelVersion>

    <artifactId>myself-security-demo</artifactId>

    <dependencies>
        <!-- 引入browser代碼組件 -->
        <dependency>
            <groupId>com.myself.security</groupId>
            <artifactId>myself-security-browser</artifactId>
            <version>${myself.security.version}</version>
        </dependency>
        <!-- 用於接口測試 -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
        </dependency>
    </dependencies>

    <!-- 用於打包 -->
    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
                <version>2.0.5.RELEASE</version>
                <executions>
                    <execution>
                        <goals>
                            <goal>repackage</goal>
                        </goals>
                    </execution>
                </executions>
            </plugin>
        </plugins>
        <finalName>demo</finalName>
    </build>

</project>

啓動類

接下來我們要編寫啓動類，我使用了Swagger插件，還有初始化時我們先移除Security的登錄驗證，當然yml配置文件也要先關了Session管理

package com.myself;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
import springfox.documentation.swagger2.annotations.EnableSwagger2;

/**
 * @author  MySelf
 * @create  2018/9/15
 * @desc Demo SpringBoot 啓動類
 **/
@SpringBootApplication
@RestController
@EnableSwagger2
@EnableAutoConfiguration(exclude = {
        org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration.class
})
public class DemoApplication {

    /**
     * 啓動類
     * @param args {@link String}
     */
    public static void main(String[] args) {
        SpringApplication.run(DemoApplication.class,args);
    }

    /**
     * 初始化創建接口服務
     * @return {@link String}
     */
    @GetMapping("/hello")
    public String hello(){
        return "Hello Spring Security";
    }

}

結尾

好了，運行項目，我們就可以看到初始化成功的項目啦！

---

如果本文對你有幫助，歡迎關注個人技術公衆號，謝謝。